Netgate Discussion Forum

    Openvpn to access more than one subnets

    12 Posts 3 Posters 994 Views
    • chpalmer

      What do your OpenVPN firewall rules look like?

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

      • bthoven

        Here it is:
        [image]

        • KOM

          You need to edit your OpenVPN Server instance. Go to Tunnel Settings - IPv4 Local network(s) and add your 192.168.3.0/24 network there.

          • bthoven @KOM

            @KOM said in Openvpn to access more than one subnets:

            You need to edit your OpenVPN Server instance. Go to Tunnel Settings - IPv4 Local network(s) and add your 192.168.3.0/24 network there.

            Thanks. My tunnel settings already force all IPv4.
            Sorry, my .2.xx devices can access all .3.xx devices except the Access Point (OpenWrt, 192.168.3.254) web admin page; ping from .2.xx failed. Could it be some setting I need to adjust on the AP?
            [image]

            • KOM

              Your AP may only respond to traffic from its local network. You can check by doing a packet capture on your IOT interface while pinging the AP and see if the ping packets are leaving the IOT interface for the AP.

              • bthoven

                Here are the packet captures on my IOT interface when I'm on 192.168.2.9.

                When I ping 192.168.3.24, which is successful:
                [image]

                When I ping 192.168.3.254, which times out:
                [image]

                Please bear with me. I'm still learning all this.

                • KOM

                  OK, that tells you that the packets are leaving the IOT interface. The unit you're pinging isn't responding.

                  • chpalmer

                    Look at the LAN settings on your AP. Are they correct?

                    With OpenVPN the server already knows its local addresses. Nothing to change there. Usually changes for the server side happen on the client side, and vice versa.

                    Show your IOT interface rules.

                    • bthoven

                      Thanks. If I replace my OpenWrt AP with my Tenda stock firmware AP, I can access it! It seems some setting is needed on my OpenWrt AP. Any idea what it could be?

                      Update: OK now. I did not set the gateway and DNS IP to be 192.168.3.1 on my AP.

                      • chpalmer

                        :)

                        Gateway and subnet are important.

                        For a device to reply it has to know how to.

                        Gateway- any address outside of the device subnet goes here.

                        subnet- how big is my subnet range anyways? When must I forward my requests through the gateway address?

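
The reply-path rule from the post above, as an added example that is not part of the thread: a simplified single-interface model of how a host decides where to send a reply, applied to the thread's addresses (192.168.2.9 pinging 192.168.3.254 on 192.168.3.0/24). The function names and the mistyped /16 case are constructed for illustration.

```python
import ipaddress
from typing import Optional


def reply_path(iface: str, gateway: Optional[str], peer: str) -> str:
    """How a host configured as `iface` (address/prefix) sends a reply to `peer`."""
    net = ipaddress.ip_interface(iface).network
    if ipaddress.ip_address(peer) in net:
        return "direct"        # peer looks on-link: ARP for it, gateway unused
    if gateway is None:
        return "no-route"      # off-link peer, no default gateway: reply is never sent
    if ipaddress.ip_address(gateway) not in net:
        return "bad-gateway"   # gateway itself is not reachable on-link
    return f"via {gateway}"


def diagnose(iface: str, gateway: Optional[str], peer: str, real_net: str) -> str:
    """Also catch a prefix wider than the real LAN (the 'how big is my subnet' case)."""
    path = reply_path(iface, gateway, peer)
    off_lan = ipaddress.ip_address(peer) not in ipaddress.ip_network(real_net)
    if path == "direct" and off_lan:
        return "mask-too-wide"  # host ARPs for a peer that is really behind the router
    return path


if __name__ == "__main__":
    LAN = "192.168.3.0/24"      # IOT network from the thread
    CLIENT = "192.168.2.9"      # pinging host from the thread
    cases = [                   # constructed configurations
        ("AP, no gateway set", "192.168.3.254/24", None),
        ("AP, gateway 192.168.3.1", "192.168.3.254/24", "192.168.3.1"),
        ("AP, prefix mistyped as /16", "192.168.3.254/16", "192.168.3.1"),
    ]
    for label, iface, gw in cases:
        print(f"{label:28} -> {diagnose(iface, gw, CLIENT, LAN)}")
```

The first case matches the packet capture in the thread: echo requests leave the IOT interface, but the AP has no route back to 192.168.2.9, so no reply appears.
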
                        • bthoven

                          Thanks. I did not specify it because when I installed my first AP, I didn't have to.

                          Networking is not my area and I learned a lot from you guys here. Installing pfSense forced me to have more hands-on experience with networking.
